Transitive trust network

ABSTRACT

Methods, data structures, and systems by which entities can efficiently discover, extend, validate and establish business relationships over a digital network are disclosed. A transitive trust system can be utilized by any number of interconnected entities in which at least two of the entities are capable of sharing information. One or more entity trust lists contain, for at least two of the entities, at least one characteristic. Each characteristic can, for example, describe or pertain to the actual or perceived dependability, reliability and/or credibility of an entity. The system also includes at least one transactional trust list that contains at least one parameter relative to an exchange between at least two of the entities through at least one degree of separation between the entities. The transactional trust list can, for example, be a listing of any type of parameters that define or describe business exchanges within a particular industry segment. The transactional trust list can also list information about the types of transactional activities that can take place and proxy actions available to cooperating entities. The system retrieves information from the entity trust list and the transactional trust list in order to provide a framework for at least two of the entities to establish relationships with one another.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of common-owned, co-pending U.S.application Ser. No. 09/945,469 (“Transitive Trust Network”) filed onAug. 30, 2001 naming Ryan Matthew LaSalle et al., the entire disclosureof which is hereby incorporated by reference.

FIELD OF THE INVENTION

The present invention relates to the field of establishing businessrelationships between entities and, in particular, to methods andsystems by which entities can efficiently establish new businessrelationships over a network.

DESCRIPTION OF THE RELATED ART

In the business world, it is important for manufacturers, retailers, andother types of businesses to be able to have a means for establishingtrust relationships with one another and with new partners. Today thisis of particular importance since a significant amount of business isconducted over wide area networks, such as the Internet.

In the past, if one company was interested in entering into a businessrelationship with another, methods for either of the companies todetermine whether the other was trustworthy included contacting theBetter Business Bureau or a credit-reporting agency. Another approachwas to make inquiries about a company's reputation.

Unfortunately, these labor-intensive prior-art approaches only providelimited information and are not automated. Moreover, these approaches donot help entities to establish trust relationships with one anotherand/or with new business partners. Consequently, there is need for asolution that enables entities to discover, extend, validate andestablish business relationships over a digital network.

SUMMARY OF THE INVENTION

The present invention overcomes the problems and limitations of theprior art by providing methods and systems by which entities canefficiently establish new business relationships over a network. Forexample, if a buyer attempts to establish a business relationship with(e.g. tries to buy goods on credit over the Internet from) a seller, thepresent invention enables the seller to determine whether the buyer istrustworthy, thereby allowing the seller to decide whether to enter intothe business relationship with the buyer. In order to determine whetherthe buyer is trustworthy, the present invention enables the seller tomake inquiries of companies—within an acceptable and/or specified degreeof separation—which the seller trusts. After evaluating the results ofthe inquiries, the seller can make an informed decision whether to enterinto the proposed business relationship. In sum, the various embodimentsdisclosed in this specification provide solutions that enable entitiesto discover, extend, validate and establish business relationships overa network.

In one embodiment, the present invention provides a system that permitsa seeking entity to establish a new business relationship with a soughtentity. An inquiry receiving component is capable of receiving aninquiry from the seeking entity. A response receiving component iscapable of receiving a response, which indicates that there is anexisting relationship between the sought entity and an intermediateentity. And, a confirming component is capable of confirming, based onthe response, that the new relationship may be established between theseeking and sought entities. (Entity or entities can includeindividuals, partners, corporations, companies, partnerships, and/or anyother type of business structures.)

In another embodiment, the present invention provides a transitive trustsystem that can be utilized by any number of interconnected entities inwhich at least two of the entities are capable of sharing information.One or more entity trust lists contain, for at least two of theentities, at least one characteristic. Each characteristic can, forexample, describe or pertain to the actual or perceived dependability,reliability and/or credibility of an entity. The system also includes atleast one transactional trust list that contains at least one parameterrelative to an exchange between at least two of the entities through atleast one degree of separation between the entities. The transactionaltrust list can, for example, be a listing of any type of parameters thatdefine or describe business exchanges within a particular industrysegment. The transactional trust list can also list information aboutthe types of transactional activities that can take place and proxyactions available to cooperating entities. In this embodiment, thesystem retrieves information from the entity trust list and thetransactional trust list in order to provide a framework for at leasttwo of the entities to establish relationships with one another.

In yet another embodiment, the present invention provides a transitivetrust system like the one discussed above. However, the system alsoincludes a capability domain and activity trust level database for theentities. The capability domain can allow classification of the role orfunction that one entity serves to another, such as, for example, bydefining or describing the way the entities interact. The capabilitydomain can classify the level at which information is shared or providedto any entity, thereby establishing the closeness of the trustrelationship. The activity trust level database can store information orparameters, which can be used to quantify the level or nature of therelationship between entities.

In a further embodiment, the present invention provides a method ofestablishing relationships between at least two entities. A secondentity receives a contact identifying a first entity. The second entitychecks a list of trusted entities to determine if the first entity is atrusted entity. If the first entity is not a trusted entity, the secondentity queries the trusted entities and specifies a predetermined degreeof separation. A relationship between the first and second entities isthen established if the first entity is known by at least one of thetrusted entities.

In other embodiments, the present invention can be partially or whollyimplemented on a computer-readable medium, for example, by storingcomputer-executable instructions or modules, or by utilizingcomputer-readable data structures.

Of course, the methods and systems of the above-referenced embodimentsmay also include other additional elements, steps, computer-executableinstructions, or computer-readable data structures. In this regard,other embodiments are disclosed and claimed herein as well.

The details of these and other embodiments of the present invention areset forth in the accompanying drawings and the description below. Otherfeatures and advantages of the invention will be apparent from thedescription and drawings, and from the claims.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention may take physical form in certain parts and steps,embodiments of which will be described in detail in the followingdescription and illustrated in the accompanying drawings that form apart hereof, wherein:

FIG. 1 shows a workstation and communication connections forimplementing the present invention;

FIG. 2 is a block diagram illustrating an exemplary content networkcorresponding to an individual in accordance with the prior art;

FIG. 3 is a block diagram illustrating an exemplary content network andcorresponding to a corporation in accordance with the prior art;

FIG. 4 a depicts a block diagram of an exemplary transitive trust systemand potential components thereof;

FIG. 4 b is a diagram depicting an embodiment of the present invention;

FIG. 5 is a diagram depicting a portion of the embodiment of FIG. 4 b;

FIG. 6 is a block diagram that is an example of degrees of separation inthe present invention;

FIG. 7 is a table of roles and trust levels of business partnersindicating the concept of activity trust vs. capability domains;

FIGS. 8-13 illustrate a method according to an embodiment of the presentinvention;

FIGS. 14 a and 14 b are flowcharts illustrating a method of anotherembodiment of the present invention; and

FIG. 15 depicts a computer-readable medium with exemplarycomputer-executable components or sets of instructions for implementinganother embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

In order to provide solutions that enable entities to discover, extend,validate and efficiently establish new business relationships over anetwork, the present invention is preferably implemented in conjunctionwith one or more computers and one or more networks. An exemplaryoperating environment for such a computer is illustrated in FIG. 1, inwhich the computer 100 is connected to a local area network (LAN) 102and a wide area network (WAN) 104. Computer 100 includes a centralprocessor 110 that controls the overall operation of the computer and asystem bus 112 that connects central processor 110 to the componentsdescribed below. System bus 112 may be implemented with any one of avariety of conventional bus architectures.

Computer 100 can include a variety of interface units and drives forreading and writing data or files. In particular, computer 100 includesa local memory interface 114 and a removable memory interface 116respectively coupling a hard disk drive 118 and a removable memory drive120 to system bus 112. Examples of removable memory drives includemagnetic disk drives and optical disk drives. Hard disks generallyinclude one or more read/write heads that convert bits to magneticpulses when writing to a computer-readable medium and magnetic pulses tobits when reading data from the computer readable medium. A single harddisk drive 118 and a single removable memory drive 120 are shown forillustration purposes only and with the understanding that computer 100may include several of such drives. Furthermore, computer 100 mayinclude drives for interfacing with other types of computer readablemedia such as magneto-optical drives.

Unlike hard disks, system memories, such as system memory 126, generallyread and write data electronically and do not include read/write heads.System memory 126 may be implemented with a conventional system memoryhaving a read only memory section that stores a basic input/outputsystem (BIOS) and a random access memory (RAM) that stores other dataand files.

A user can interact with computer 100 with a variety of input devices.FIG. 1 shows a serial port interface 128 coupling a keyboard 130 and apointing device 132 to system bus 112. Pointing device 132 may beimplemented with a hard-wired or wireless mouse, track ball, pen device,or similar device.

Computer 100 may include additional interfaces for connecting peripheraldevices to system bus 112. FIG. 1 shows a universal serial bus (USB)interface 134 coupling a video or digital camera 136 to system bus 112.An IEEE 1394 interface 138 may be used to couple additional devices tocomputer 100. Furthermore, interface 138 may configured to operate withparticular manufacture interfaces such as FireWire developed by AppleComputer and i.Link developed by Sony. Peripheral devices may includetouch sensitive screens, game pads scanners, printers, and other inputand output devices and may be coupled to system bus 112 through parallelports, game ports, PCI boards or any other interface used to coupleperipheral devices to a computer.

Computer 100 also includes a video adapter 140 coupling a display device142 to system bus 112. Display device 142 may include a cathode ray tube(CRT), liquid crystal display (LCD), field emission display (FED),plasma display or any other device that produces an image that isviewable by the user. Sound can be recorded and reproduced with amicrophone 144 and a speaker 146. A sound card 148 may be used to couplemicrophone 144 and speaker 146 to system bus 112.

One skilled in the art will appreciate that the device connections shownin FIG. 1 are for illustration purposes only and that several of theperipheral devices could be coupled to system bus 112 via alternativeinterfaces. For example, video camera 136 could be connected to IEEE1394 interface 138 and pointing device 132 could be connected to USBinterface 134.

Computer 100 includes a network interface 150 that couples system bus112 to LAN 102.

LAN 102 may have one or more of the well-known LAN topologies and mayuse a variety of different protocols, such as Ethernet. Computer 100 maycommunicate with other computers and devices connected to LAN 102, suchas computer 152 and printer 154. Computers and other devices may beconnected to LAN 102 via twisted pair wires, coaxial cable, fiber opticsor other media. Alternatively, radio waves may be used to connect one ormore computers or devices to LAN 102.

A wide area network 104, such as the Internet, can also be accessed bycomputer 100. FIG. 1 shows a modem unit 156 connected to serial portinterface 128 and to WAN 104. Modem unit 156 may be located within orexternal to computer 100 and may be any type of conventional modem, suchas a cable modem or a satellite modem. LAN 102 may also be used toconnect to WAN 104. FIG. 1 shows a router 158 that may connect LAN 102to WAN 104 in a conventional manner. A server 160 is shown connected toWAN 104. Of course, numerous additional servers, computers, handhelddevices, personal digital assistants, telephones and other devices mayalso be connected to WAN 104.

The operation of computer 100 and server 160 can be controlled bycomputer-executable instructions stored on a computer-readable medium.For example, computer 100 may include computer-executable instructionsfor transmitting information to server 160, receiving information fromserver 160 and displaying the received information on display device142. Furthermore, server 160 may include computer-executableinstructions for transmitting hypertext markup language (HTML) orextensible markup language (XML) computer code to computer 100.

As noted above, the term “network” as used herein and depicted in thedrawings should be broadly interpreted to include not only systems inwhich remote storage devices are coupled together via one or morecommunication paths, but also stand-alone devices that may be coupled,from time to time, to such systems that have storage capability.Consequently, the term “network” includes not only a “physical network”102, 104, but also a “content network,” which is comprised of thedata—attributable to a single entity—which resides across all physicalnetworks. Examples of this are shown in FIGS. 2-3 and briefly discussedbelow. Content networks are also discussed in detail in related U.S.application Ser. No. 09/817,917.

As depicted in FIG. 2, an individual may have different data stored intheir portable network 202 (e.g., a personal digital assistant), a homenetwork 204 (e.g., a desktop computer), a work network 206 (e.g., alaptop computer) and an automobile network 208 (e.g., an on-boardcomputer). FIG. 3 depicts a similar example in a corporate context. Thecorporate entity may have different data stored in a human resourcesnetwork 302, an information technology network 304, a warehouse network306 and a call center network 308. Of course, other physical networksmay be readily incorporated or substituted into the examples of FIGS.2-3. Each of these networks 202-208, 302-308 may be coupled to acommunication network 210, 310 such as a LAN 102 or WAN 104, so that thedata contained in the networks 202-208, 302-308 is commonly available tothe individual. Accordingly, all of the pertinent data attributable to asingle entity is part of the network (i.e., content network), regardlessof the physical network on which the data resides.

Thus, by implementing the present invention in conjunction with acomputer and network like any of those discussed above and/orillustrated in FIGS. 1-3, the present invention overcomes thelimitations and problems of the prior art by enabling entities todiscover, extend, validate and efficiently establish new businessrelationships.

In particular, the present invention provides this solution and theseadvantages by preferably utilizing a transitive trust system 401 likethe one shown in FIG. 4 a, which includes two or more components suchas, for example, a transactional component 403 and a trust component405. Transactional component 403 provides a peer-to-peer type capabilityfor sharing information regarding entities. Trust component 405 canstore trust-related information such as: valuation criteria for judgingrelationships, trust levels between all entities that are involved in aparticular project, proxy capabilities, and/or trust parameters that mayexist between entities.

More particularly, the valuation criteria of the trust-relatedinformation may be defined by the entities and may include factors suchas performance or activity of an entity in the past, size of order,monetary limits put in place, numbers of mishandled orders, etc. Thetrust levels can identify the potentially varying levels of trustbetween entities in the project. For example, Entity A might have a highlevel of trust for Entity B, but a lower level of trust for Entity C.This information could be captured in the trust levels. Proxycapabilities identify who can do what on behalf of an entity. Lastly,the trust parameters provide the ability to classify the nature of abusiness relationship and the level to which an enterprise is confidentin sharing information. Information can, of course, vary from the numberand type of items to be purchased to, for example, strategic plans onentering a new market with a new product.

The trust component 405 of the transitive trust system 401 can includetwo or more portions such as, for example, a portion directed to entitytrust portion 407 and a portion directed to transactional trust portion409. Entity trust portion 407 is preferably a list or other datastructure that stores the distinguishing characteristics of thosecompanies with which one has or desires to have a business relationship(i.e., an entity trust list). The entity trust can define or describethe dependability, reliability and/or credibility of the entitiesincluded in the list or data structure.

Exemplary types of characteristics that can be incorporated into theentity trust portion 407 include, but are not limited to: names of knownentities and corresponding information such as digital certificates,e-mail addresses, Hoover's reports, web site addresses, LDAP(Lightweight Directory Access Protocol), directory pointers, etc.; alisting of some or all previous transactions between a host and othertrusted users, such as date/time stamps, who originated the transaction,how the transaction was executed, etc.; a listing of the “content” ofhistorical transactions; a subjective or objective quality rating forhistorical transactions; an overall rating of another trusted user thatcan be used as a response to queries from other trusted users; and/or amapping of “who knows who” and tracking of how relationships wereestablished, and how the relationships can be extended.

Transactional trust portion 409 is preferably a list or data structurethat stores the parameters that define business exchanges within aparticular industry segment. Transactional trust portion 409 can includeinformation about the types of transactional activities that can takeplace and proxy actions available to cooperating entities. Further,transactional trust portion 409 can capture criteria related toconducting a single business transaction. These criteria can preferablybe divided between proxy and activity-trust parameters, and may beincluded in one or more transactional trusts (e.g., transactional trustlists).

Of these criteria, proxy trust parameters can be used to indicate ordetermine whether or not a party can forward requests to other trustedparties. Exemplary proxy trust parameters may include, but are notlimited to: can this party forward requests to other trusted parties(propagating requests through multiple degrees of separation); can thisparty add new trusted users (once a party's entity trust information isdiscovered in the network, does a trusted user have the right to updatethe requestor's records); can this party communicate “entity opinions”through the network (beyond creating new records, does a trusted partyhave the ability to pass along the trust ratings or subjective opinionsof the network back to the original requester); and other activities atrusted entity can perform on behalf of the trusting party includingdynamically created proxy parameters that are specified by any twocooperating parties within a transitive trust network.

The activity-trust parameters can be used to quantify the level ornature of the business relationship. By categorizing the nature of thebusiness relationship, an entity can better judge the level of trust inthe relationship and/or put other trust measures in context. Forexample, in a close business relationship a manufacturer anddistributors may share information regarding planning and forecastingfor inventory movements, but may not share information pertaining toproduct development. Activity trust parameters include, but are notlimited to the following: type of transaction a particular entity canhandle, such as purchasing, outsourcing, sub-contracting, etc.; activitytrust levels; and performance or activity of a partner in the past, suchas size of order, monetary limits put in place, numbers of mishandledorders, etc.

FIG. 4 b shows an inter-company transitive trust diagram depicting threecompany networks (company A network 402, company B network 404, andcompany C network 406). The three company networks 402, 404 and 406 areinterconnected by public network 400 such as a wide area network or theInternet. Public network 400 allows formatted messaging to be exchangedbetween the three company networks 402, 404 and 406. One implementationof such is a network that uses the Universal Description, Discovery andIntegration (UDDI) specification, which creates a global,platform-independent, open framework to enable businesses to discovereach other, define how they interact over the Internet, and shareinformation in a global registry that will more rapidly accelerate theglobal adoption of B2B E-commerce. UDDI is a cross-industry effortdriven by platform providers, software developers, marketplaceoperators, and E-commerce and business leaders that comprehensivelyallows growth of B2B E-commerce, and that benefits businesses bycreating this global, platform-independent, open framework. The UDDIspecifications take advantage of World Wide Web Consortium (W3C) andInternet Engineering Task Force (IETF) standards such as ExtensibleMarkup Language (XML), HTTP, and Domain Name System (DNS) protocols.Additionally, cross platform programming features are addressed byadopting early versions of the proposed Simple Object Access Protocol(SOAP) messaging specifications found at the W3C Web site.

As shown by example in FIG. 4 b, components in each of the companynetworks have various configurations. For example, the company A network402 is interconnected to the public network 400 by a public transitivetrust network service unit 408 which is connected in turn to a storageelement 410 that has public partner records. The public transitive trustnetwork service 408 is connected via a firewall 412 to an internaltransitive trust network service unit 414. This unit 414 is connected toa data storage device 416, which contains internal partner records, andto an internal certifying authority 418. The internal transitive trustnetwork service unit 414 is also connected to a terminal 420, which hasend user applications.

The company B network 404 has a public transitive trust network serviceunit 422 that is connected to the public network 400 and to a datastorage device 424, which contains public partner records. The unit 422is also connected via a firewall 426 to an internal transitive trustnetwork service unit 428. This unit 428 is connected to a data storagedevice 430, which contains internal partner records, and also to abiometric services unit 432. The unit 428 is also connected to aterminal 434, which contains end-user applications.

The company C network 406 is also connected to the public network 400 bya public transitive trust network service unit 434, which is connectedto a data storage device 436 containing public partner records. Afirewall 438 connects the public transitive trust network service unit434 to an internal transitive trust network service unit 440. The unit440 is connected to a data storage device 442, which contains internalpartner records, and to a corporate LDAP (Lightweight Directory AccessProtocol) or other authentication/security service unit 444. The unit440 is also connected to a terminal 446, which has end-userapplications.

FIG. 5 depicts in more detail internal network 402 of company A. Theinternal transitive trust network service unit 408 is connected to thedata storage device 410, which contains internal partner records, andfurther to a data storage device 502, which has internal securityservice applications. The internal transitive trust network service unit408 is connected to a plurality of end user applications depicted asterminals 504, 506, 508 and 510. The terminal 504 contains back officeapplications, the terminal 506 contains procurement applications, theterminal 508 contains enterprise resource planning (“ERP”) applications,and the terminal 510 contains E-business applications. This is only oneexample and is to be understood that numerous other applications may beutilized depending upon the environment in which the present inventionis used.

In a typical business environment companies know and trust certain othercompanies and, of course, there are a large number of companies, whichare unknown at any given point in time. Furthermore, in the businessworld one company may not trust another company for any type of businesstransaction, or it may have very high level of trust in another company.FIG. 6 depicts one example of a business community in which company Aknows and has a business relationship with companies B, B1 and B2.Company B for example knows and has business relationships withcompanies C, D and E. Company C knows and has business relationshipswith companies F1 and F2, company D knows and has business relationshipswith companies G1 and G2, company E knows and has business relationshipswith companies H1, H2, and Z, and company G2 knows and has businessrelationships with company X. There are no degrees of separation betweencompanies A and companies B, B2 and B3. However, there is one degree ofseparation between company A and companies C, D and E. There are twodegrees of separation between company A and companies F1, F2, G1, G2, H1and H2. There are three degrees of separation between company A andcompany X. According to the present invention, company A is able toestablish a business relationship at a specified trust level with acompany such as a company Z, which A does not know and which isseparated in the present example by two degrees of separation. Company Ais also termed a seeking entity, company Z is also termed a soughtentity, and the other companies are also termed intermediate entities.

In one implementation pertaining to an ongoing business setting, eachcompany has a partnership record, which defines its activity and levelof trust with another respective business partner. FIG. 7 shows oneexample of a partnership record 700, which has an active trust domain702 and capability domain 704. In this example there are fouractivity-trust levels that a company assigns to other companies: a levelone (706) in which a company essentially has little or no trust in theother company in a business sense, a level two (708) which is referredto as a commodity associate trust level, a level three (710) which isreferred to a competitive advantage trust level, and a highesttrust—level four (712)—which is referred to as a strategic trust level.In short, the levels 706-712 identify the closeness of the trustrelationship.

The capability domain 704 can be divided into one or more functions orroles that companies fulfill in business transactions between oneanother. Preferably, the functions or roles are defined by the nature inwhich the two entities interact. These functions or roles can include,but are not limited to: design 714, source 716, plan 718, buy 720, make722, sell 724, fulfill 726 and service 728.

In FIG. 7, various roles or functions that a particular company mightfulfill are depicted for each of the elements 714-728 of the capabilitydomain 704 and for each of the trust levels 706-712 in the active trustdomain 702. Thus, using the partnership record, for example referringagain to FIG. 6, company A is able to classify the roles that each ofthe companies B, B-2 and B-3 will fulfill along with a transitive trustlevel for each of theses companies. Each of the companies in thetransitive trust network of the present invention has a database forstoring the information as depicted in FIG. 7, for example, with regardsto its business relationships with other companies.

Within each of these capability domains 714-728, it is possible toclassify the level at which information is shared to any one partner inthe capability function. Thus, an enterprise can break down its partnerswithin a capability function into one of the trust levels 706-712. Inthis example of the present invention, depicted in FIG. 7, four levelsof activity trust or process levels 706-712 are defined for any one ofthe eight capability domains 714-728. As noted above, the labels givento these four levels 706-712 of activity trust 702, in order of one tofour, correspond to deeper levels of trust afforded to a partner.

For any activity trust level 706-712 in a specific capability domain714-728, a typical business process is associated therewith. That is, aspecific business process is defined at the intersection of eachactivity trust level label 706-712 with each role in the capabilitydomain 714-728 as illustrated in FIG. 7. That is, for any businessfunction, there are often four different levels of processes, which canbe placed in order of the level of trust that one associates with thatpartner. As an example, “design” 714 in the capability domain 704 and“strategic” 712 in the active trust domain 702, could correspond to thebusiness process of “collaborative access to systems” 730.

Exemplary characteristics of each of the four activity trust levellabels 706-712 used in the above example help to clarify the level ofrelationship afforded an entity when looking at that entity's function.For example, in level one 706, there is either no Trust or “Street”level Trust. This could indicate that the entity is: a known businessentity, but not necessarily a past business acquaintance; willing toextend standard terms of credit; willing to send purchase orders. Thisdesignation could also mean that there is no validation existing forthis entity's performance or reliability.

Level two is termed “Associate” 708 and could, as an example, have thefollowing characteristics: the company has done business in the past;the company is known to be reputable and has met the needs of a closepartner; the company is willing to extend credit; and the company isallowed to perform certain functions, such as Vendor Managed Inventory(“VMI”).

Level three is termed “Competitive Advantage” 710 and could, forexample, have the following characteristics: long term relationship;share planning and forecasting information; consulting with the companyregarding company direction and plans; and sharing of files and someaccess to systems.

Finally, level four is termed “Strategic” 712 and could, for example,have the following characteristics: integration between systems; accessto one another's systems; and include/participate in strategic planningand forecasting.

In many cases, the determination of an activity trust level 706-712 fora particular entity is a subjective judgment. A given entity may fillone of a few functions 714-728 in a given capability domain 704 andoperate at different levels 706-712 for each function. A determinationcould be made or rule applied (for example, at least common denominatorin level of trust afforded) with regards to the given entity. The lengthof time since any activity is performed with an entity may also be afactor. A competitive-advantage entity that has not transacted businesswith the partner in question within the last year could, for example, beautomatically re-classified as having an “Associate” level 708 ofactivity trust. This is because over time many alliance or marketplacechanges may have taken place, and it is necessary to re-evaluate therelationship before a high level of trust is again afforded.

In part because the determination of an activity trust level for aparticular entity is a subjective judgment, any error in assigningactivity trust levels may be magnified as the degrees of separationincrease. As a result, a seeking company may want to limit the number ofdegrees of separation between itself and a sought entity when seekingtransitive trust levels. In one embodiment of the invention, rules maybe established for associating a maximum number of degrees of separationwith trust levels. For example, when seeking a company having anactivity trust level of “strategic,” a seeking company may limit thesearch to 1 or 2 degrees of separation and allow greater degrees ofseparation for lower activity trust levels.

A seeking company may be linked to a sought company by more than onepath. In this case, the seeking company may choose to rely on theactivity trust level associated with the path having the fewest degreesof separation. Alternatively, the seeking company may consider otherfactors, such as the activity trust levels assigned to the intermediatecompanies. For example, the seeking party may give more weight to anactivity trust level associated with a path having more degrees ofseparation when the intermediate companies in that path have higheractivity trust levels. Of course, there are a number of different waysthat a seeking party can weigh, average or otherwise consider activitytrust levels obtained from more than 1 path.

As is well known in the business community, a company from time to timeneeds to find a new company to fulfill a particular role. It isimportant of course that the new company can be trusted to fulfill thatrule. FIG. 8 depicts an example of the method of the present inventionand FIG. 9 is a flowchart depicting the steps corresponding to FIG. 8.As depicted in FIG. 8, company Z (and all other companies in thetransitive trust network) has a list 802 of trusted users, a database804 of digital rights (that is, the partnership record) for each of thetrusted users in the list 802, and a list 806 of active peers (that isfor example, companies which are currently online with the presentcompany). In a first step 901, company A is contacted by company Zregarding potential business transactions. In a second step 902, companyA checks its trusted user list and finds that company Z is not containedtherein. That is, company Z is not known to company A. The companiescontained in the trusted users list for company A are companies B, L, M,N and O. At this point in time, companies L, M, N an O are not onlineand thus the only active peer is company B. In a step 903, company Awants to find out if company Z falls within three degrees of separationin its trust network. Company A then queries its trusted users (companyB) to determine who is available or active for peer requests. In step904, company B responds and is an active peer. In step 905, company Bverifies a rights management model that exists between itself andcompany A. A rights management model is a set of rules or rights used todetermine the type of information that may be exchanged betweencompanies. It is now been determined that company A is authorized tosend “do you know” queries to company B. In step 906, company A askscompany B if company Z is known to it, specifying a maximum of threedegrees of separation. In step 907, company B will query its trustedusers to find active peers.

The interaction between the companies is further depicted in FIG. 10 andin the corresponding flowchart of FIG. 11. In step 1101 company Bqueries its trusted users to determine who is available or active forpeer requests. Of its trusted users, company F is not online, butcompanies C, D and E are online and become active peers (see step 1102).Based on its list of peers and the trust agreement between company A andcompany B, company B in step 1103 forwards out a “do you know” query toits entire active trust network, that is company C, D and E on behalf ofcompany A. Again, rights management models between all peers areverified using any set of rules or rights that can determine the type ofinformation that may be exchanged between companies. In step 1104companies C and D also verify the rights management model and state thatthey do not know company Z. In step 1105 company E, which does knowcompany Z, queries company Z to determine if company Z is active forpeer requests. In step 1106 company E responds to company B with anaffirmative on knowing company Z. Company B in response thereto updatesits trusted users/rights list.

Continuing now with the method as depicted in FIG. 12 and acorresponding flowchart in FIG. 13, company B in step 1301 notifiescompany A that it does know company Z through three degrees ofseparation (specifically through company E). In step 1302 company B alsopasses transitive trust rights to company A that allow company A toreceive information from company E. In step 1303 company A establishescontact with company E through the trust passed by company B. In step1304 company A now queries company E for an “opinion” regarding companyZ. Company E then provides feedback based on the rights rules. Finally,in step 1305 company A agrees to further contact with company Z. CompanyA can now establish a business relationship with company Z with somedegree of trust, because company A trusts company B who trusts companyE.

This method may be embodied in a network such as depicted in FIG. 4 b.In this network 400 each of the networks, 402, 404, 406, has a computer(such as service unit 408 in network 402) and storage (such as storageelement 410 in network 402). In more general terms FIG. 1 also shows acomputer 100 that includes a central processor 110 and a system memory(storage) 112. As is known, instructions that are executed by theprocessor are storable on the storage. FIGS. 14 a and 14 b depict aflowchart of a further embodiment of a method of the present inventionthat is executable in computer environments such as depicted in FIGS. 1,2, 3 and 4 b. In step 1401, a first company is contacted by a secondcompany with regards to a potential business transaction (effected by,for example, an inquiry receiving component corresponding to aninstruction contained in the storage). This potential transaction may betype of business transaction such as for the sale of goods.

In step 1402, the first company checks its trusted user list anddetermines if the second company is known to the first company. Thisstep 1402 may include searching a database of known users. In step 1403,the first company queries companies that are trusted users thereof todetermine who is available for peer requests (e.g. which companies areonline or otherwise available). In step 1404, a third company notifiesthe first company that the third company is an active peer and isavailable to communicate with the first company. In step 1405, the thirdcompany verifies a rights management model that exists between the thirdcompany and the first company in order to determine the types ofinformation that may be exchanged. In step 1406, the first companyqueries the third company to determine if the second company is known tothe third company. The first company also specifies a predeterminednumber of degrees of separation. For example, the first company mayquery the third company to determine if the second company is known tothe third company through four degrees of separation.

In step 1407, the third company queries the further companies that aretrusted users thereof to identify companies that are available for peerrequests. In step 1408, a third company forwards, based on a respectedlist of peers and a trust agreement between the first company and thethird company, a “do you know” query to the further companies on behalfof the first company, verifying rights management models between allpeers. In step 1409, the further companies verify the rights managementmodel and determine if any of the further companies know the secondcompany. In a step 1410, a respective company of the further companiesthat the second company is known to, queries the second company todetermine if the second company is active for peer requests. In step1411, a respective company responds to the third company and indicatesthat it knows the second company. In step 1412, the third companynotifies the first company that the third company knows the secondcompany through the pre-determined number of degrees of separation, andpasses transitive trust rights to the first company (effected by, forexample, a response receiving component corresponding to an instructioncontained in the storage). In step 1413, the first company establishescontact with the respective company through the trust passed by thesecond company. In step 1414, the first company queries the furthercompany for an “opinion” regarding the second company, the furthercompany then providing feedback based on rights rules (effected by, forexample, a confirming component corresponding to an instructioncontained in the storage). Finally, in step 1415, the first companyestablishes a relationship with the second company based on the feedbackfrom the further company.

In other embodiments, the above methods or variations thereof could beimplemented by using one or more computer-executable components or setsof instructions as illustrated in FIG. 15. More particularly, one ormore computer-readable media 1500 could store computer-executablecomponents or sets of instructions in order to enable entities todiscover, extend, validate and/or establish business relationships overa network. In this embodiment, the computer-executable components couldinclude an inquiry receiving component 1502, which could receiveinquiries from a seeking entity that wishes to establish a businessrelationship with a sought entity. The components could also include aresponse receiving component 1504, which could receive responses fromother entities (e.g., an intermediate entity). These responses might,for example, identify whether a relationship exists between the soughtentity and the intermediate entity. Moreover, the components might alsoinclude a confirming component 1506 for confirming, based on theresponse, that the new relationship may be established.

In sum, it was a drawback of the prior art that a company did not have areliable method for establishing relationships and trusts with othercompanies that it does not know. With the present invention, companiescan initiate business relationships on a trusted basis with companieswithin a specified number of degrees of separation between itself andthe desired company. Thus, the present invention overcomes the drawbacksof the prior art and provides a solution that enables entities todiscover, extend, validate and establish business relationships over adigital network.

The present invention has been described herein with reference tospecific exemplary embodiments thereof. It will be apparent to thoseskilled in the art, that a person understanding this invention mayconceive of changes or other embodiments or variations, which utilizethe principles of this invention without departing from the broaderspirit and scope of the invention as set forth in the appended claims.All are considered within the sphere, spirit, and scope of theinvention. For example, the present invention may be used in connectionwith data networks that exchange information or content, such as thenetworks described in co-pending U.S. patent application Ser. No.09/817,917, filed Mar. 26, 2001, the disclosure of which is herebyincorporated by reference in its entirety. One skilled in the art willappreciate that the access rights and/or usage rules described in theco-pending application may incorporate the transitive trust conceptsdisclosed above. Consequently, the specification and drawings are,therefore, to be regarded in an illustrative rather than restrictivesense.

1. A computer-readable medium having computer-executable componentscomprising: a) an inquiry receiving component for receiving an inquiryfrom the seeking entity, the inquiry specifying a predetermined degreeof separation, the predetermined degree of separation being dependent onan activity trust level; b) a response receiving component for receivinga response indicating an existing relationship between the sought entityand an intermediate entity; and c) a confirming component forconfirming, based on the response, that the new relationship may beestablished, the response being indicative of a trust level of thesought entity by the intermediate entity regarding the existingrelationship; d) a verification component for determining whetherinformation can be shared between entities in accordance with rightsmanagement.
 2. A computer-readable medium having computer-executableinstructions for performing steps comprising: a) configuring acapability domain and activity trust level data base for each of the atleast two entities, the database having a plurality of levels of trustand a plurality of entity roles, the capability domain and activitytrust level data base comprising a plurality of entries, each entrybeing indexed by an entity role and a level of trust, each said entrybeing indicative of a corresponding business process; and b) creating atleast one receiving component that obtains information from an entitytrust list and a transactional trust list in order to provide aframework for at least two of the entities to establish relationshipsbetween one another, the entities being within a predetermined degree ofseparation, the predetermined degree of separation being dependent on anactivity trust level.
 3. The computer-readable medium of claim 2,wherein each respective level of trust in the plurality of levels oftrust defines a respective degree of trust between one entity andanother entity.
 4. The computer-readable medium of claim 2, wherein eachrespective role in the plurality of roles defines a respective functionthat one entity fulfills to another entity.
 5. The computer-readablemedium of claim 2, wherein a respective business process of a pluralityof business processes is associated with each combination of arespective role of the plurality of roles and a respective trust levelof the plurality of trust levels.
 6. A method, in a computer system, ofestablishing a new business relationship with a sought entity over anetwork, wherein all steps are performed on the computer system, themethod comprising the steps of: a) sending, by a first computer to asecond computer, an inquiry to an intermediate entity to determine ifthe intermediate entity has an existing relationship with the soughtentity, the intermediate entity being within a predetermined degree ofseparation, the predetermined degree of separation being dependent on anactivity trust level; b) receiving, by the first computer, a responsefrom the intermediate entity indicating an existing relationship betweenthe sought entity and the intermediate entity; and c) establishing thenew business relationship with the sought entity based on the response,the response being indicative of a trust level of the sought entity bythe intermediate entity and of a corresponding valuation criterion, thetrust level being dependent on the corresponding valuation criterion. 7.The method of claim 6, further comprising specifying an acceptabledegree of separation and determining whether the existing relationshipexists within the specified degree of separation.
 8. A method, in acomputer system, of establishing a relationship with an unknown company,wherein all steps are performed on the computer system, the methodcomprising the steps of: a) querying, by a first computer to a secondcomputer, at least one trusted company to determine the existence of arelationship between the at least one trusted company and the unknowncompany, the at least one trusted company and the unknown company beingwith a predetermined degree of separation, the predetermined degree ofseparation being dependent on an activity trust level; b) receiving, bythe first computer, a confirmation of a relationship between the atleast one trusted company, the confirmation being indicative of a trustlevel of the unknown company by one of the at least one trusted companyand a corresponding at least one valuation criterion, the trust level ofthe unknown company being dependent on the corresponding at least onevaluation criterion; and c) establishing a relationship with the unknowncompany in response to receiving the confirmation.
 9. A method, in acomputer system, of establishing relationships between at least twoentities, wherein all steps are performed on the computer system, themethod comprising the steps of: a) receiving, by an associated computer,at a second entity a contact identifying a first entity; b) checking alist of trusted entities by the second entity to determine if the firstentity is a trusted entity; c) querying, another computer by theassociated computer, if the first entity is not a trusted entity and ifa proxy parameter is indicative that trusted entities are permitted toforward requests to other trusted parties, and specifying apredetermined degree of separation, the predetermined degree ofseparation being dependent on an activity trust level; and d)establishing a relationship between the first and second entities whenthe first entity is known by at least one respective entity of thetrusted entities, the relationship being based on information from oneof the trusted entities, the information being indicative of a trustlevel about the first entity.
 10. The method according to claim 9, themethod further comprising: e) providing a capability domain and activitytrust level data base for each of entities, the database having aplurality of levels of trust and a plurality of entity roles.
 11. Themethod according to claim 10, further comprising: f) supporting eachrespective role in the plurality of roles to correspond to a respectivefunction that one entity fulfills to another entity.
 12. The methodaccording to claim 10, further comprising: f) supporting each respectivelevel of trust in the plurality of levels of trust to correspond to arespective degree of trust between one entity and another entity. 13.The method according to claim 10, further comprising: f) supporting arespective business process of a plurality of business processes that isassociated with each combination of a respective role of the pluralityof roles and a respective trust level of the plurality of trust levels.14. The method according to claim 9, the method further comprising: e)providing a capability domain and activity trust level database for eachof entities, the matrix having a plurality of levels of trust and aplurality of entity roles.
 15. A method in a transitive trust networkfor providing a framework for at least two entities to establishrelationships between one another, the transitive trust networkincluding at least one computer, wherein all steps are performed on theat least one computer, the method comprising the steps of: a) receiving,by an associated computer, at a second entity a contact identifying afirst entity; b) checking a list of trusted entities, associated withthe second entity, by the second entity to determine if the first entityis a trusted entity; c) querying, another computer by the associatedcomputer, if the first entity is not a trusted entity and if a proxyparameter is indicative that trusted entities are permitted to forwardrequests to other trusted parties, by the second entity at least a thirdentity of the trusted entities associated with the second entity, andspecifying a predetermined degree of separation, the predetermineddegree of separation being dependent on an activity trust level; d)checking a list of trusted entities, associated with the third entity,by the third entity to determine if the first entity is a trustedentity; e) continuing querying and checking, if the first entity is nota trusted entity, until a maximum separation of the degree of separationis reached or until the first entity is known to a respective trustedentity; and f) establishing a relationship between the first and secondentities when the first entity is known by at least one respectiveentity of the trusted entities, the relationship being based oninformation from one of the least one respective entity, the informationbeing indicative of a level of trust about the first entity.
 16. Themethod according to claim 15, the method further comprising: g)providing a capability domain and activity trust level data base foreach of the entities, the data base having a plurality of levels oftrust and a plurality of entity roles.
 17. The method according to claim16, further comprising: h) supporting each respective role in theplurality of roles to correspond to a respective function that oneentity fulfills to another entity.
 18. The method according to claim 16,further comprising: h) supporting each respective level of trust in theplurality of levels of trust to correspond to a respective degree oftrust between one entity and another entity.
 19. The method according toclaim 16, further comprising: h) supporting a respective businessprocess of a plurality of business processes that is associated witheach combination of a respective role of the plurality of roles and arespective trust level of the plurality of trust levels.
 20. A method ina transitive trust network for providing a framework for Companies toestablish relationships between one another, the transitive trustnetwork including at least one computer wherein all steps are performedon the at least one computer, the method comprising the steps of: a)contacting, between a first computer and a second computer, a firstcompany by a second company regarding a potential relationship; b)checking, by the first company, a trusted user list thereof anddetermining if the second company is known to the first company; c)querying, by the first company when the second company is unknown,companies that are trusted users thereof to determine who is availablefor peer requests; d) notifying, by a third company, the first companythat the third company is an active peer; e) verifying, by the thirdcompany, a rights management model that exists between the third companyand the first company; f) querying, by the first company, the thirdcompany to determine if the second company is known to the thirdcompany, specifying a maximum of a predetermined number of degrees ofseparation, the predetermined degrees of separation being dependent onan activity trust level; g) querying, by the third company when thesecond company is unknown, companies that are trusted users thereof todetermine who is available for peer requests; h) forwarding, by thethird company, based on a respective list of peers thereof and a trustagreement between the first company and the third company, a “Do YouKnow” query to further Companies on behalf of the first company,verifying rights management models between all peers; i) verifying bythe further Companies the rights management model and determining if anyof the further Companies know the second company; j) querying, by arespective company of the further Companies when the respective companyknows the second company, the second company to determine if the secondcompany is active for peer requests; k) responding by the respectivecompany to the third company with an affirmative on knowing the secondcompany, in response to the “Do You Know” query; l) notifying, by thethird company, the first company that the third company knows the secondcompany through the predetermined number of degrees of separation, andpassing transitive trust rights to the first company; m) establishing,by the first company, contact with the respective company through thetrust passed by the third company; n) querying, by the first company,the further company for an “opinion” on the second company, the furthercompany providing feedback based on rights rules; and o) establishing,by the first company, a relationship with the second company based onthe feedback from the further company.
 21. A computer-readable mediumfor use in a transitive trust network for providing a framework for atleast two of the entities to establish relationships between oneanother, the computer-readable medium having computer-executableinstructions for performing the steps comprising: a) receiving at asecond entity a contact identifying a first entity; b) checking a listof trusted entities by the second entity to determine if the firstentity is a trusted entity; c) querying, if the first entity is not atrusted entity and if a proxy parameter is indicative that trustedentities are permitted to forward requests to other trusted parties, thetrusted entities and specifying a predetermined degree of separation,the predetermined degree of separation being dependent on an activitytrust level; and d) establishing a relationship between the first andsecond entities when the first entity is known by at least onerespective entity of the trusted entities, the relationship being basedon information from one of the at least one respective entity, theinformation being indicative of a level of trust about the first entity.22. A computer-readable medium having stored thereon a data structurecomprising: a) a capability domain having a plurality of entity roleswithin a predetermined degree of separation, the predetermined degree ofseparation being dependent on an activity trust level; b) an activitytrust domain having a plurality of levels of trust; and c) a respectivebusiness process of a plurality of business processes being associatedwith each combination of a respective role of the plurality of roles anda respective trust level of the plurality of trust levels, wherein thedata structure is indexed by the capability domain and the activitytrust domain to obtain a corresponding business process.
 23. Thecomputer-readable medium having stored thereon a data structureaccording to claim 22, wherein each respective role in the plurality ofroles defines a respective function that one entity fulfills to anotherentity.
 24. The computer-readable medium having stored thereon a datastructure according to claim 22, wherein each respective level of trustin the plurality of levels of trust defines a respective degree of trustbetween one entity and another entity.
 25. The method of claim 9,further comprising: e) associating each of the trusted entities with anassociated trust level that is more trusted than a predetermined minimumtrust level; and f) establishing the predetermined minimum trust levelby an associated proxy parameter.
 26. The method of claim 15, furthercomprising: g) associating the third entity with an associated trustlevel that is more trusted than a predetermined minimum trust level; andh) establishing the predetermined minimum trust level by an associatedproxy parameter.